Lucene search
K

35 matches found

Github Security Blog
Github Security Blog
added 2020/06/10 8:27 p.m.39 views

Prototype Pollution in ini-parser

All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available. Conside...

9.8CVSS5.6AI score0.00864EPSS
Exploits0References5Affected Software1
Node.js
Node.js
added 2020/04/09 7:40 p.m.27 views

Prototype Pollution

Overview All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available...

7.5CVSS4.5AI score0.00864EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2020/04/03 10:42 a.m.20 views

Prototype Pollution

ini-parser is vulnerable to prototype pollution. An attacker is able to add and modify arbitrary properties via Object.prototype using a proto payload...

9.8CVSS4.5AI score0.00864EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/04/03 12:0 a.m.3 views

Ini-parser Resource Management Error Vulnerability

Ini-parser is a parser for .ini format files. A resource management error vulnerability exists in ini-parser 0.0.2 and earlier versions. An attacker can exploit this vulnerability to add or modify properties of Object.prototype to execute arbitrary code...

9.8CVSS7.5AI score0.00864EPSS
Exploits0References1
OSV
OSV
added 2020/04/02 6:15 p.m.7 views

CVE-2020-7617

ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a 'proto' payload...

9.8CVSS7.3AI score0.00864EPSS
Exploits0References2
NVD
NVD
added 2020/04/02 6:15 p.m.26 views

CVE-2020-7617

ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a 'proto' payload...

9.8CVSS5.7AI score0.00864EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/04/02 6:0 p.m.36 views

CVE-2020-7617 Prototype Pollution

ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a 'proto' payload...

4.4CVSS9.4AI score0.00864EPSS
Exploits0References2
CVE
CVE
added 2020/04/02 6:0 p.m.57 views

CVE-2020-7617

The CVE-2020-7617 entry concerns the ini-parser package (up to version 0.0.2) and describes a Prototype Pollution vulnerability. An attacker can exploit a proto payload to add or modify properties on Object.prototype, enabling potential attacker-controlled behavior across JavaScript objects. Seve...

9.8CVSS6.7AI score0.00864EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/04/01 12:0 a.m.4 views

@dawnjs/cli (>=1.11.0 <=1.13.7), @dawnjs/dn-middleware-lint (=3.0.12) +49 more potentially affected by CVE-2020-7617 via ini-parser (=0.0.2)

ini-parser NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on ini-parser and may be impacted: - @dawnjs/cli =1.11.0, =1.0.0, =0.0.1, =1.0.0-beta, =0.0.2, =0.0.1, =0.5.12, =1.0.1, =0.0.1, =3.0.0, =1.0.11, =1.1.4 and more Source cves:...

9.8CVSS7.2AI score0.00864EPSS
Exploits0
Snyk
Snyk
added 2020/04/01 12:0 a.m.3 views

Prototype Pollution

Overview ini-parser is a package to parse .ini files. Affected versions of this package are vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype using a proto payload. PoC var a = require"ini-parser"; a.parse'proto\ntoString=JHU';...

9.8CVSS9AI score0.00864EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2019/01/29 12:0 a.m.26 views

(0Day) Wecon LeviStudioU DataLogTool INI Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.ex...

6.8CVSS5.9AI score0.01901EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2018/05/04 12:0 a.m.31 views

Wecon LeviStudioU DataLogTool INI Parser Stack-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.exe. When...

4.6CVSS5.4AI score0.00732EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/05/03 5:6 a.m.11 views

php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...

7.8CVSS7.6AI score0.03365EPSS
Exploits0References4
OSV
OSV
added 2017/07/25 12:0 a.m.4 views

UBUNTU-CVE-2017-11628

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...

7.8CVSS7.5AI score0.03365EPSS
Exploits0References4
CNVD
CNVD
added 2017/07/12 12:0 a.m.6 views

PHP 'zend_ini_do_op()' function buffer overflow vulnerability

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability in the 'zendinidoop' function in the Zend/zendiniparser.c file in PHP allows remote attackers to exploit the vulnerability to submit a special...

7.8CVSS8.3AI score0.03365EPSS
Exploits0References1
Rows per page
Query Builder